#!/bin/bash

# 修复Nginx重复upstream定义问题
echo "=== 开始修复Nginx重复upstream定义问题 ==="

# 1. 检查所有包含cu_mr_bull_api的配置文件
echo "1. 检查所有包含cu_mr_bull_api的配置文件："
find /etc/nginx -name "*.conf" -exec grep -l "cu_mr_bull_api" {} \;

# 2. 显示主nginx.conf中的upstream定义
echo "\n2. 检查主nginx.conf中的upstream定义："
grep -n "upstream" /etc/nginx/nginx.conf || echo "主配置文件中没有upstream定义"

# 3. 删除所有可能的重复配置
echo "\n3. 清理所有可能的重复配置："
rm -f /etc/nginx/conf.d/cu-mr-bull.conf
rm -f /etc/nginx/sites-enabled/cu-mr-bull*
rm -f /etc/nginx/sites-available/cu-mr-bull*

# 4. 创建全新的配置文件
echo "\n4. 创建全新的Nginx配置："
cat > /etc/nginx/conf.d/cu-mr-bull.conf << 'NGINX_EOF'
# Cu Mr Bull API 配置
upstream cu_mr_bull_api {
    server 127.0.0.1:3000;
    keepalive 32;
}

# API 服务器配置
server {
    listen 443 ssl http2;
    server_name api.cumrbull.com.sg;
    
    # SSL 配置
    ssl_certificate /etc/ssl/certs/cumrbull.crt;
    ssl_certificate_key /etc/ssl/private/cumrbull.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    
    # 健康检查端点
    location /health {
        proxy_pass http://cu_mr_bull_api/health;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 5s;
        proxy_send_timeout 10s;
        proxy_read_timeout 10s;
    }
    
    # API 路由
    location /api/ {
        proxy_pass http://cu_mr_bull_api/api/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 10s;
        proxy_send_timeout 30s;
        proxy_read_timeout 30s;
    }
}

# 管理后台服务器配置
server {
    listen 443 ssl http2;
    server_name admin.cumrbull.com.sg;
    
    # SSL 配置
    ssl_certificate /etc/ssl/certs/cumrbull.crt;
    ssl_certificate_key /etc/ssl/private/cumrbull.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    
    # API 路由（管理后台）
    location /api/ {
        proxy_pass http://cu_mr_bull_api/api/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 10s;
        proxy_send_timeout 30s;
        proxy_read_timeout 30s;
    }
    
    # 静态文件（如果有管理界面）
    location / {
        try_files $uri $uri/ @backend;
    }
    
    location @backend {
        proxy_pass http://cu_mr_bull_api;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
NGINX_EOF

# 5. 测试配置
echo "\n5. 测试Nginx配置："
nginx -t

if [ $? -eq 0 ]; then
    echo "\n6. 配置测试通过，重新加载Nginx："
    systemctl reload nginx
    echo "\n7. 检查Nginx状态："
    systemctl status nginx --no-pager -l
else
    echo "\n配置测试失败，请检查错误信息"
    exit 1
fi

echo "\n=== 修复完成 ==="
echo "请测试以下端点："
echo "- https://api.cumrbull.com.sg/health"
echo "- https://admin.cumrbull.com.sg/api/auth/login"